Google Fixes Glass Malicious QR Code Security Flaw

rated by 0 users
This post has 2 Replies | 0 Followers

Top 10 Contributor
Posts 26,722
Points 1,208,955
Joined: Sep 2007
ForumsAdministrator
News Posted: Wed, Jul 17 2013 2:40 PM
Pretty much everything that connects to the Internet is hackable--the exciting but vulnerable “Internet of Things”--but if we’re lucky, security researchers discover most of the vulnerabilities and exploits and help manufacturers patch them before cybercriminals make hay with them. Such is the case with Google Glass and Lookout Mobile Security.

The Lookout Mobile Security folks identified a vulnerability in Google Glass wherein they could use a malicious QR code to hack the spectacles. Basically, as Google Glass “looked around” and took photographs, it scanned a QR code; however, that QR code was malicious and forced Google Glass to connect to a nearby WiFi hotspot that was controlled by a hacker.

Google Glass, hacked by a QR code

Once connected, it’s game over; the hacker can then spy on everything Glass did, from pictures to Web requests, as well as direct Glass to a website that would hack the device as it browsed the page.



Lookout Mobile Security reported the flaw to Google on May 16th, recommending that Google adjust the code so that Glass would only read QR codes when the user allowed it, and Google fixed it by June 4th.

This is an example of a situation where everything went right, but too often, we learn of hacks the hard way. It’s a good lesson as the Internet of Things continues to evolve.
  • | Post Points: 20
Top 50 Contributor
Posts 2,929
Points 24,760
Joined: Jul 2001
Location: United States, New York
digitaldd replied on Thu, Jul 18 2013 10:21 AM

Ok they've fixed it have they begun to deploy the fix? I mean most phones vulnerable to the masterkey issue will never see the fix, hell it hasn't been pushed to Nexus phones yet even..  http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/

  • | Post Points: 20
Top 500 Contributor
Posts 257
Points 3,190
Joined: Aug 2012
Jaybk26 replied on Thu, Jul 18 2013 1:07 PM

Fortunately there still aren't many of them in circulation, so deploying the fix shouldn't be that difficult.

  • | Post Points: 5
Page 1 of 1 (3 items) | RSS